%term

Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

Feb 4, 2026 By Theklis Stefani In Sentrium

During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and exchange attachments through ticket replies.

Read Post

Sentrium

Read more about Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

AI Code Generation: 3 Critical Security Risks

Feb 4, 2026 By Snyk In Snyk

AI Code Generation: 3 Critical Security Risks.

View Video

Snyk

Read more about AI Code Generation: 3 Critical Security Risks

The Prescriptive Path to Operationalizing AI Security

Feb 3, 2026 By Brian Rogan In Snyk

In introducing the AI Security Fabric, we have outlined how security must evolve as software is built by humans, models, and autonomous agents working at machine speed. The Fabric defines the architectural shift required to build trust at AI speed, delivered through the Snyk AI Security Platform. We’re now focusing on the next question: how organizations put that vision into practice. Operationalizing AI security is not about enabling a single feature or deploying a tool.

Read Post

Snyk

Read more about The Prescriptive Path to Operationalizing AI Security

Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI

Feb 3, 2026 By Manoj Nair In Snyk

Today, we’re thrilled to introduce the AI Security Fabric, delivered through the Snyk AI Security Platform, and operationalized through a prescriptive path for AI security. As software creation shifts to humans, models, and autonomous agents working together at machine speed, security must evolve just as fundamentally. The AI Security Fabric defines the new paradigm, and the Prescriptive Path shows how the Snyk AI Security Platform gets you there.

Read Post

Snyk

Read more about Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI

Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk

Feb 3, 2026 By Emma Stevens In BitSight

A critical vulnerability (CVE-2025-40551) has been identified in SolarWinds Web Help Desk, a widely used IT service management platform deployed across enterprise and public sector environments to manage support tickets, assets, and internal workflows. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands on the underlying host system.

Read Post

BitSight

Read more about Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk

CVE-2026-25253: OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Feb 3, 2026 By foresiet In Foresiet

CVE-2026-25253 is a high-severity vulnerability (CVSS 8.8) in OpenClaw (formerly Clawdbot/Moltbot), an open-source AI agent framework. It allows attackers to exfiltrate authentication tokens via a crafted URL, leading to full gateway compromise and remote code execution (RCE) with one click. Disclosed in early February 2026, it affects versions before 2026.1.29.

Read Post

Foresiet

Read more about CVE-2026-25253: OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Introducing Detectify Internal Scanning for internal scanning behind the firewall

Feb 3, 2026 By Detectify In Detectify

Detectify Internal Scanning is an internal vulnerability scanning solution that brings Detectify’s proprietary crawling and fuzzing engine behind your firewall. Built for AppSec and DevOps teams, it enables authenticated testing of internal applications, admin panels, staging environments, and microservices, all from a single, unified platform. Teams can now monitor both internal and external vulnerabilities side by side, without slowing down release cycles.

Read Post

Detectify

Read more about Introducing Detectify Internal Scanning for internal scanning behind the firewall

Notepad++ Publishes Full Details of 2025 Compromise

Feb 3, 2026 By Andres Ramos In Arctic Wolf

On February 2, 2026, the Notepad++ open source project disclosed new details about a supply chain compromise that impacted its update delivery infrastructure between June and December 2025. The attack was attributed to state-sponsored threat actors with links to China. In this campaign, the threat actors had gained access to a third-party hosting provider used by Notepad++ to distribute updates.

Read Post

Arctic Wolf

Read more about Notepad++ Publishes Full Details of 2025 Compromise

Cyberthreat Detection: Key Steps Every Company Should Take

Feb 3, 2026 By SecuritySenses In SecuritySenses

Today, an organization's survival is intrinsically linked to its cybersecurity posture. Proactive cyberthreat detection has transitioned from a technical best practice to a core business imperative. With adversaries employing increasingly sophisticated methods, from AI-driven phishing campaigns to fileless malware and stealthy lateral movement, relying solely on preventive controls can be a recipe for failure. A robust detection strategy is what separates companies that suffer prolonged breaches from those that contain incidents swiftly.

Read Post

SecuritySenses

Read more about Cyberthreat Detection: Key Steps Every Company Should Take

Snyk Advisor is Reshaping Package Intelligence on Snyk Security Database

Feb 2, 2026 By Noa Yaffe-Ermoza In Snyk

Choosing safe, healthy open source dependencies shouldn’t require jumping between tools or piecing together context from multiple places. Developers and AppSec teams need package health signals exactly where security decisions already happen. This is why we’re bringing Snyk Advisor data into security.snyk.io.

Read Post